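Техническая информация
(Подзаголовки разделов в этой выдержке не сохранились. Судя по содержимому, ниже по порядку идут изменения реестра, запускаемые процессы, затронутые файлы и сетевые адреса; повторяющиеся пути, вероятно, относятся к разным категориям операций с файлами.)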
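- [<HKLM>\SYSTEM\ControlSet001\services\2a7ab44b] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\services\56d181cd] 'Start' = '00000002'
  (Значение 'Start' = 2 означает автоматический запуск службы при загрузке системы. Имена обеих служб совпадают с именами файлов <DRIVERS>\2a7ab44b.sys и <DRIVERS>\56d181cd.sys из списка ниже, то есть, по-видимому, так закрепляются в системе созданные драйверы.)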
- '%TEMP%\10b5c7.exe'
- '%TEMP%\10b2f9.tmp'
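- '<SYSTEM32>\cmd.exe' /c %TEMP%\Coor.bat
- '<SYSTEM32>\regsvr32.exe' /s /c <SYSTEM32>\kakutk.dll
  (Ключ /s у regsvr32 подавляет диалоговые окна, поэтому регистрация библиотеки проходит без сообщений для пользователя. Оба файла из этих командных строк, Coor.bat и kakutk.dll, присутствуют в списке файлов ниже.)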
- '<SYSTEM32>\conhost.exe'
- %TEMP%\2HaufF.dll
- %TEMP%\wyu.dll
- %TEMP%\C1.zip
- <SYSTEM32>\wshtcptk.dll
- %TEMP%\Coor.bat
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\BOWDBRP7\post[1].asp
- <DRIVERS>\2a7ab44b.sys
- %TEMP%\B1.zip
- %TEMP%\10b5c7.exe
- <Полный путь к вирусу>
- %TEMP%\10b2f9.tmp
- %TEMP%\A1.zip
- <SYSTEM32>\kakutk.dll
- <DRIVERS>\56d181cd.sys
- %TEMP%\10b5c7.exe
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\BOWDBRP7\post[1].asp
- <DRIVERS>\2a7ab44b.sys
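- '19#.#05.210.189':80
- 19#.#05.210.189/kaixin/post.asp?ma##################################################################################################################
- '22#.0.0.252':5355
  (Символы «#» в адресах и в строке запроса, по всей видимости, заменяют скрытые при публикации знаки, поэтому использовать эти значения как индикаторы напрямую нельзя. Запрос к post.asp на порт 80 согласуется с файлом post[1].asp в каталоге Temporary Internet Files из списка выше. Адрес вида 22#.0.0.252 с портом 5355 соответствует групповому адресу LLMNR (224.0.0.252:5355), то есть это, вероятно, штатное разрешение имён Windows, а не обращение к управляющему серверу.)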